From: Marcus MERIGHI <mcmer-openbsd@tor.at>
Subject: chmod o= /var/account/acct
To: tech@openbsd.org
Date: Sat, 17 Feb 2024 11:42:09 +0100

Hello, 

I've wondered whether it is good to have system accounting information
readable by everyone. 

I've done a quick test with 'chmod o= /var/account/acct' and nothing
seems to break (on amd64, -current).

That is why I propose the patch to /etc/mtree/special below.

Marcus

Index: special
===================================================================
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.129
diff -u -p -r1.129 special
--- special	19 Sep 2023 15:02:55 -0000	1.129
+++ special	17 Feb 2024 10:37:07 -0000
@@ -161,7 +161,7 @@ share		type=dir mode=0755 uname=root gna
 
 var		type=dir mode=0755 uname=root gname=wheel
 account		type=dir mode=0755 uname=root gname=wheel
-acct		type=file mode=0644 uname=root gname=wheel optional
+acct		type=file mode=0640 uname=root gname=wheel optional
 ..	#var/account
 yp		type=dir mode=0755 uname=root gname=wheel optional ignore
 ..	#var/yp